/*     */ package com.zimbra.cs.account;
/*     */ 
/*     */ import com.google.common.base.Objects;
/*     */ import com.google.common.base.Objects.ToStringHelper;
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.auth.ZAuthToken;
/*     */ import com.zimbra.common.localconfig.KnownKey;
/*     */ import com.zimbra.common.localconfig.LC;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.soap.Element;
/*     */ import com.zimbra.common.util.BlobMetaData;
/*     */ import com.zimbra.common.util.BlobMetaDataEncodingException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.LogFactory;
/*     */ import com.zimbra.common.util.MapUtil;
/*     */ import com.zimbra.common.util.ZimbraCookie;
/*     */ import com.zimbra.cs.account.auth.AuthMechanism.AuthMech;
/*     */ import java.io.PrintStream;
/*     */ import java.security.InvalidKeyException;
/*     */ import java.security.NoSuchAlgorithmException;
/*     */ import java.util.Map;
/*     */ import java.util.Random;
/*     */ import javax.crypto.Mac;
/*     */ import javax.crypto.SecretKey;
/*     */ import javax.servlet.http.HttpServletResponse;
/*     */ import org.apache.commons.codec.DecoderException;
/*     */ import org.apache.commons.codec.binary.Hex;
/*     */ import org.apache.commons.httpclient.Cookie;
/*     */ import org.apache.commons.httpclient.HttpClient;
/*     */ import org.apache.commons.httpclient.HttpMethod;
/*     */ import org.apache.commons.httpclient.HttpState;
/*     */ import org.apache.commons.httpclient.params.HttpClientParams;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class ZimbraAuthToken
/*     */   extends AuthToken
/*     */   implements Cloneable
/*     */ {
/*     */   private static final String C_ID = "id";
/*     */   private static final String C_AID = "aid";
/*     */   private static final String C_EXP = "exp";
/*     */   private static final String C_ADMIN = "admin";
/*     */   private static final String C_DOMAIN = "domain";
/*     */   private static final String C_DLGADMIN = "dlgadmin";
/*     */   private static final String C_TYPE = "type";
/*     */   private static final String C_TYPE_ZIMBRA_USER = "zimbra";
/*     */   private static final String C_TYPE_EXTERNAL_USER = "external";
/*     */   private static final String C_EXTERNAL_USER_EMAIL = "email";
/*     */   private static final String C_DIGEST = "digest";
/*     */   private static final String C_VALIDITY_VALUE = "vv";
/*     */   private static final String C_AUTH_MECH = "am";
/*     */   private static final String C_TOKEN_ID = "tid";
/*     */   private static final String C_SERVER_VERSION = "version";
/*     */   private static final String C_CSRF = "csrf";
/*  75 */   private static final Map<String, ZimbraAuthToken> CACHE = MapUtil.newLruMap(LC.zimbra_authtoken_cache_size.intValue());
/*  76 */   private static final Log LOG = LogFactory.getLog(AuthToken.class);
/*     */   
/*     */   private String accountId;
/*     */   private String adminAccountId;
/*  80 */   private int validityValue = -1;
/*     */   private long expires;
/*     */   private String encoded;
/*     */   private boolean isAdmin;
/*     */   private boolean isDomainAdmin;
/*     */   private boolean isDelegatedAdmin;
/*     */   private String type;
/*     */   private String externalUserEmail;
/*     */   private String digest;
/*     */   private String accessKey;
/*     */   private String proxyAuthToken;
/*     */   private AuthMechanism.AuthMech authMech;
/*  92 */   private Integer tokenID = Integer.valueOf(-1);
/*     */   private String server_version;
/*     */   private boolean csrfTokenEnabled;
/*     */   
/*     */   public String toString()
/*     */   {
/*  98 */     return Objects.toStringHelper(this).add("acct", this.accountId).add("admin", this.adminAccountId).add("exp", this.expires).add("isAdm", this.isAdmin).add("isDlgAd", this.isDelegatedAdmin).toString();
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */   protected static AuthTokenKey getCurrentKey()
/*     */     throws AuthTokenException
/*     */   {
/*     */     try
/*     */     {
/* 109 */       return AuthTokenKey.getCurrentKey();
/*     */     }
/*     */     catch (ServiceException e) {
/* 112 */       LOG.fatal("unable to get latest AuthTokenKey", e);
/* 113 */       throw new AuthTokenException("unable to get AuthTokenKey", e);
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   public static synchronized AuthToken getAuthToken(String encoded)
/*     */     throws AuthTokenException
/*     */   {
/* 122 */     ZimbraAuthToken at = (ZimbraAuthToken)CACHE.get(encoded);
/* 123 */     if (at == null) {
/* 124 */       at = new ZimbraAuthToken(encoded);
/* 125 */       if (!at.isExpired()) {
/* 126 */         CACHE.put(encoded, at);
/*     */       }
/*     */       
/*     */     }
/* 130 */     else if (at.isExpired()) {
/* 131 */       CACHE.remove(encoded);
/*     */     }
/*     */     
/* 134 */     return at;
/*     */   }
/*     */   
/*     */   protected ZimbraAuthToken() {}
/*     */   
/*     */   public static Map<?, ?> getInfo(String encoded) throws AuthTokenException
/*     */   {
/* 141 */     String[] parts = encoded.split("_");
/* 142 */     if (parts.length != 3) {
/* 143 */       throw new AuthTokenException("invalid authtoken format");
/*     */     }
/* 145 */     return getAttrs(parts[2]);
/*     */   }
/*     */   
/*     */   private static Map<?, ?> getAttrs(String data) throws AuthTokenException {
/*     */     try {
/* 150 */       String decoded = new String(Hex.decodeHex(data.toCharArray()));
/* 151 */       return BlobMetaData.decode(decoded);
/*     */     } catch (DecoderException e) {
/* 153 */       throw new AuthTokenException("decoding exception", e);
/*     */     } catch (BlobMetaDataEncodingException e) {
/* 155 */       throw new AuthTokenException("blob decoding exception", e);
/*     */     }
/*     */   }
/*     */   
/*     */   protected ZimbraAuthToken(String encoded) throws AuthTokenException {
/*     */     try {
/* 161 */       this.encoded = encoded;
/* 162 */       int pos = encoded.indexOf('_');
/* 163 */       if (pos == -1) {
/* 164 */         throw new AuthTokenException("invalid authtoken format");
/*     */       }
/* 166 */       String ver = encoded.substring(0, pos);
/*     */       
/* 168 */       int pos2 = encoded.indexOf('_', pos + 1);
/* 169 */       if (pos2 == -1) {
/* 170 */         throw new AuthTokenException("invalid authtoken format");
/*     */       }
/* 172 */       String hmac = encoded.substring(pos + 1, pos2);
/* 173 */       String data = encoded.substring(pos2 + 1);
/*     */       
/* 175 */       AuthTokenKey key = AuthTokenKey.getVersion(ver);
/* 176 */       if (key == null) {
/* 177 */         throw new AuthTokenException("unknown key version");
/*     */       }
/* 179 */       String computedHmac = getHmac(data, key.getKey());
/* 180 */       if (!computedHmac.equals(hmac)) {
/* 181 */         throw new AuthTokenException("hmac failure");
/*     */       }
/* 183 */       Map<?, ?> map = getAttrs(data);
/*     */       
/* 185 */       this.accountId = ((String)map.get("id"));
/* 186 */       this.adminAccountId = ((String)map.get("aid"));
/* 187 */       this.expires = Long.parseLong((String)map.get("exp"));
/* 188 */       String ia = (String)map.get("admin");
/* 189 */       this.isAdmin = "1".equals(ia);
/* 190 */       String da = (String)map.get("domain");
/* 191 */       this.isDomainAdmin = "1".equals(da);
/* 192 */       String dlga = (String)map.get("dlgadmin");
/* 193 */       this.isDelegatedAdmin = "1".equals(dlga);
/* 194 */       this.type = ((String)map.get("type"));
/*     */       
/* 196 */       String authMechStr = (String)map.get("am");
/* 197 */       this.authMech = AuthMechanism.AuthMech.fromString(authMechStr);
/*     */       
/* 199 */       this.externalUserEmail = ((String)map.get("email"));
/* 200 */       this.digest = ((String)map.get("digest"));
/* 201 */       String vv = (String)map.get("vv");
/* 202 */       if (vv != null) {
/*     */         try {
/* 204 */           this.validityValue = Integer.parseInt(vv);
/*     */         } catch (NumberFormatException e) {
/* 206 */           this.validityValue = -1;
/*     */         }
/*     */       } else {
/* 209 */         this.validityValue = -1;
/*     */       }
/*     */       
/* 212 */       String tid = (String)map.get("tid");
/* 213 */       if (tid != null) {
/*     */         try {
/* 215 */           this.tokenID = Integer.valueOf(Integer.parseInt(tid));
/*     */         } catch (NumberFormatException e) {
/* 217 */           this.tokenID = Integer.valueOf(-1);
/*     */         }
/*     */       } else {
/* 220 */         this.tokenID = Integer.valueOf(-1);
/*     */       }
/* 222 */       this.server_version = ((String)map.get("version"));
/*     */       
/* 224 */       String csrf = (String)map.get("csrf");
/* 225 */       if (csrf != null) {
/* 226 */         this.csrfTokenEnabled = "1".equals(map.get("csrf"));
/*     */       }
/*     */     } catch (ServiceException e) {
/* 229 */       throw new AuthTokenException("service exception", e);
/*     */     }
/*     */   }
/*     */   
/*     */   public ZimbraAuthToken(Account acct) {
/* 234 */     this(acct, false, null);
/*     */   }
/*     */   
/*     */   public ZimbraAuthToken(Account acct, boolean isAdmin, AuthMechanism.AuthMech authMech) {
/* 238 */     this(acct, 0L, isAdmin, null, authMech);
/*     */   }
/*     */   
/*     */   public ZimbraAuthToken(Account acct, long expires) {
/* 242 */     this(acct, expires, false, null, null);
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public ZimbraAuthToken(Account acct, long expires, boolean isAdmin, Account adminAcct, AuthMechanism.AuthMech authMech)
/*     */   {
/* 255 */     if (expires == 0L) {
/* 256 */       long lifetime = (isAdmin) || (this.isDomainAdmin) || (this.isDelegatedAdmin) ? acct.getTimeInterval("zimbraAdminAuthTokenLifetime", 43200000L) : acct.getTimeInterval("zimbraAuthTokenLifetime", 43200000L);
/*     */       
/*     */ 
/* 259 */       expires = System.currentTimeMillis() + lifetime;
/*     */     }
/* 261 */     this.accountId = acct.getId();
/* 262 */     this.adminAccountId = (adminAcct != null ? adminAcct.getId() : null);
/* 263 */     this.validityValue = acct.getAuthTokenValidityValue();
/* 264 */     this.expires = expires;
/* 265 */     this.isAdmin = ((isAdmin) && ("TRUE".equals(acct.getAttr("zimbraIsAdminAccount"))));
/* 266 */     this.isDomainAdmin = ((isAdmin) && ("TRUE".equals(acct.getAttr("zimbraIsDomainAdminAccount"))));
/* 267 */     this.isDelegatedAdmin = ((isAdmin) && ("TRUE".equals(acct.getAttr("zimbraIsDelegatedAdminAccount"))));
/* 268 */     this.authMech = authMech;
/* 269 */     this.encoded = null;
/* 270 */     if ((acct instanceof GuestAccount)) {
/* 271 */       this.type = "external";
/* 272 */       GuestAccount g = (GuestAccount)acct;
/* 273 */       this.digest = g.getDigest();
/* 274 */       this.accessKey = g.getAccessKey();
/* 275 */       this.externalUserEmail = g.getName();
/*     */     } else {
/* 277 */       this.type = "zimbra";
/*     */     }
/* 279 */     this.tokenID = Integer.valueOf(new Random().nextInt(2147483646) + 1);
/*     */     try {
/* 281 */       Server server = acct.getServer();
/* 282 */       if (server != null) {
/* 283 */         this.server_version = server.getAttr("zimbraServerVersion", "");
/*     */       }
/*     */     } catch (ServiceException e) {
/* 286 */       LOG.error("Unable to fetch server version for the user account", e);
/*     */     }
/* 288 */     register();
/*     */   }
/*     */   
/*     */ 
/*     */   public ZimbraAuthToken(String acctId, String externalEmail, String pass, String digest, long expires)
/*     */   {
/* 294 */     this.accountId = acctId;
/* 295 */     this.expires = expires;
/* 296 */     this.externalUserEmail = (externalEmail == null ? "public" : externalEmail);
/* 297 */     this.digest = (digest != null ? digest : generateDigest(externalEmail, pass));
/* 298 */     this.type = "external";
/* 299 */     this.tokenID = Integer.valueOf(new Random().nextInt(2147483646) + 1);
/*     */     try {
/* 301 */       Account acct = Provisioning.getInstance().getAccountById(this.accountId);
/* 302 */       if (acct != null) {
/* 303 */         Server server = acct.getServer();
/* 304 */         if (server != null) {
/* 305 */           this.server_version = server.getAttr("zimbraServerVersion", "");
/*     */         }
/*     */       }
/*     */     } catch (ServiceException e) {
/* 309 */       LOG.error("Unable to fetch server version for the user account", e);
/*     */     }
/*     */   }
/*     */   
/*     */   public String getAccountId()
/*     */   {
/* 315 */     return this.accountId;
/*     */   }
/*     */   
/*     */   public String getAdminAccountId()
/*     */   {
/* 320 */     return this.adminAccountId;
/*     */   }
/*     */   
/*     */   public long getExpires()
/*     */   {
/* 325 */     return this.expires;
/*     */   }
/*     */   
/*     */   public int getValidityValue()
/*     */   {
/* 330 */     return this.validityValue;
/*     */   }
/*     */   
/*     */   public boolean isExpired()
/*     */   {
/* 335 */     return System.currentTimeMillis() > this.expires;
/*     */   }
/*     */   
/*     */   public boolean isAdmin()
/*     */   {
/* 340 */     return this.isAdmin;
/*     */   }
/*     */   
/*     */   public boolean isDomainAdmin()
/*     */   {
/* 345 */     return this.isDomainAdmin;
/*     */   }
/*     */   
/*     */   public boolean isDelegatedAdmin()
/*     */   {
/* 350 */     return this.isDelegatedAdmin;
/*     */   }
/*     */   
/*     */   public boolean isZimbraUser()
/*     */   {
/* 355 */     return (this.type == null) || (this.type.compareTo("zimbra") == 0);
/*     */   }
/*     */   
/*     */   public String getExternalUserEmail()
/*     */   {
/* 360 */     return this.externalUserEmail;
/*     */   }
/*     */   
/*     */   public String getDigest()
/*     */   {
/* 365 */     return this.digest;
/*     */   }
/*     */   
/*     */   public String getAccessKey()
/*     */   {
/* 370 */     return this.accessKey;
/*     */   }
/*     */   
/*     */   public AuthMechanism.AuthMech getAuthMech()
/*     */   {
/* 375 */     return this.authMech;
/*     */   }
/*     */   
/*     */   private void register()
/*     */   {
/*     */     try {
/* 381 */       Account acct = Provisioning.getInstance().get(Key.AccountBy.id, this.accountId);
/* 382 */       if ((!this.type.equalsIgnoreCase("external")) && 
/* 383 */         (Provisioning.getInstance().getLocalServer().getLowestSupportedAuthVersion() > 1)) {
/*     */         try {
/* 385 */           acct.cleanExpiredTokens();
/*     */         } catch (ServiceException e) {
/* 387 */           LOG.error("unable to de-register auth token", e);
/*     */         }
/* 389 */         acct.addAuthTokens(String.format("%d|%d|%s", new Object[] { this.tokenID, Long.valueOf(this.expires), this.server_version }));
/*     */       }
/*     */     }
/*     */     catch (ServiceException e) {
/* 393 */       LOG.error("unable to register auth token", e);
/*     */     }
/*     */   }
/*     */   
/*     */   public void deRegister() throws AuthTokenException
/*     */   {
/*     */     try
/*     */     {
/* 401 */       Account acct = Provisioning.getInstance().getAccountById(this.accountId);
/* 402 */       if (acct != null) {
/* 403 */         acct.removeAuthTokens(String.format("%d|%d|%s", new Object[] { this.tokenID, Long.valueOf(this.expires), this.server_version }));
/*     */       }
/* 405 */       if (acct.getBooleanAttr("zimbraLogOutFromAllServers", false)) {
/* 406 */         AuthTokenRegistry.addTokenToQueue(this);
/*     */       }
/*     */     } catch (ServiceException e) {
/* 409 */       throw new AuthTokenException("unable to de-register auth token", e);
/*     */     }
/*     */   }
/*     */   
/*     */   public String getEncoded()
/*     */     throws AuthTokenException
/*     */   {
/* 416 */     if (this.encoded == null) {
/* 417 */       StringBuilder encodedBuff = new StringBuilder(64);
/* 418 */       BlobMetaData.encodeMetaData("id", this.accountId, encodedBuff);
/* 419 */       BlobMetaData.encodeMetaData("exp", Long.toString(this.expires), encodedBuff);
/* 420 */       if (this.adminAccountId != null) {
/* 421 */         BlobMetaData.encodeMetaData("aid", this.adminAccountId, encodedBuff);
/*     */       }
/* 423 */       if (this.isAdmin) {
/* 424 */         BlobMetaData.encodeMetaData("admin", "1", encodedBuff);
/*     */       }
/* 426 */       if (this.isDomainAdmin) {
/* 427 */         BlobMetaData.encodeMetaData("domain", "1", encodedBuff);
/*     */       }
/* 429 */       if (this.isDelegatedAdmin) {
/* 430 */         BlobMetaData.encodeMetaData("dlgadmin", "1", encodedBuff);
/*     */       }
/* 432 */       if (this.validityValue != -1) {
/* 433 */         BlobMetaData.encodeMetaData("vv", this.validityValue, encodedBuff);
/*     */       }
/* 435 */       BlobMetaData.encodeMetaData("type", this.type, encodedBuff);
/*     */       
/* 437 */       if (this.authMech != null) {
/* 438 */         BlobMetaData.encodeMetaData("am", this.authMech.name(), encodedBuff);
/*     */       }
/*     */       
/* 441 */       BlobMetaData.encodeMetaData("tid", this.tokenID.intValue(), encodedBuff);
/* 442 */       BlobMetaData.encodeMetaData("email", this.externalUserEmail, encodedBuff);
/* 443 */       BlobMetaData.encodeMetaData("digest", this.digest, encodedBuff);
/* 444 */       BlobMetaData.encodeMetaData("version", this.server_version, encodedBuff);
/* 445 */       if (this.csrfTokenEnabled) {
/* 446 */         BlobMetaData.encodeMetaData("csrf", "1", encodedBuff);
/*     */       }
/*     */       
/* 449 */       String data = new String(Hex.encodeHex(encodedBuff.toString().getBytes()));
/* 450 */       AuthTokenKey key = getCurrentKey();
/* 451 */       String hmac = getHmac(data, key.getKey());
/* 452 */       this.encoded = (key.getVersion() + "_" + hmac + "_" + data);
/*     */     }
/* 454 */     return this.encoded;
/*     */   }
/*     */   
/*     */   public static String getHmac(String data, byte[] key) {
/*     */     try {
/* 459 */       ByteKey bk = new ByteKey(key);
/* 460 */       Mac mac = Mac.getInstance("HmacSHA1");
/* 461 */       mac.init(bk);
/* 462 */       return new String(Hex.encodeHex(mac.doFinal(data.getBytes())));
/*     */     } catch (NoSuchAlgorithmException e) {
/* 464 */       throw new RuntimeException("fatal error", e);
/*     */     } catch (InvalidKeyException e) {
/* 466 */       throw new RuntimeException("fatal error", e);
/*     */     }
/*     */   }
/*     */   
/*     */   public String getCrumb() throws AuthTokenException
/*     */   {
/* 472 */     String authToken = getEncoded();
/*     */     try {
/* 474 */       ByteKey bk = new ByteKey(getCurrentKey().getKey());
/* 475 */       Mac mac = Mac.getInstance("HmacMD5");
/* 476 */       mac.init(bk);
/* 477 */       return new String(Hex.encodeHex(mac.doFinal(authToken.getBytes())));
/*     */     } catch (NoSuchAlgorithmException e) {
/* 479 */       throw new RuntimeException("fatal error", e);
/*     */     } catch (InvalidKeyException e) {
/* 481 */       throw new RuntimeException("fatal error", e);
/*     */     }
/*     */   }
/*     */   
/*     */   private String getOrigAuthData() throws ServiceException {
/* 486 */     String origAuthData = null;
/*     */     try {
/* 488 */       origAuthData = getEncoded();
/* 489 */       if (origAuthData == null)
/* 490 */         throw ServiceException.FAILURE("unable to get encoded auth token", null);
/*     */     } catch (AuthTokenException e) {
/* 492 */       throw ServiceException.FAILURE("unable to get encoded auth token", e);
/*     */     }
/*     */     
/* 495 */     return origAuthData;
/*     */   }
/*     */   
/*     */   public boolean isRegistered()
/*     */   {
/* 500 */     if (this.type.equalsIgnoreCase("external")) {
/* 501 */       return true;
/*     */     }
/*     */     try {
/* 504 */       Provisioning prov = Provisioning.getInstance();
/*     */       
/*     */ 
/* 507 */       Server localServer = Provisioning.getInstance().getLocalServer();
/* 508 */       if (localServer.getLowestSupportedAuthVersion() < 2) {
/* 509 */         return true;
/*     */       }
/* 511 */       Account acct = prov.getAccountById(this.accountId);
/* 512 */       if (acct != null) {
/* 513 */         if (isRegisteredInternal(acct)) {
/* 514 */           return true;
/*     */         }
/*     */         
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 522 */         prov.reload(acct);
/* 523 */         return isRegisteredInternal(acct);
/*     */       }
/*     */     }
/*     */     catch (ServiceException e) {
/* 527 */       LOG.fatal("Unable to verify auth token registration in LDAP", e);
/*     */     }
/*     */     
/* 530 */     return false;
/*     */   }
/*     */   
/*     */   private boolean isRegisteredInternal(Account acct) {
/* 534 */     String[] tokens = acct.getAuthTokens();
/* 535 */     for (String tk : tokens) {
/* 536 */       if (tk.startsWith(this.tokenID.toString())) {
/* 537 */         return true;
/*     */       }
/*     */     }
/* 540 */     return false;
/*     */   }
/*     */   
/*     */   public void encode(HttpClient client, HttpMethod method, boolean isAdminReq, String cookieDomain)
/*     */     throws ServiceException
/*     */   {
/* 546 */     String origAuthData = getOrigAuthData();
/*     */     
/* 548 */     HttpState state = new HttpState();
/* 549 */     client.setState(state);
/*     */     
/* 551 */     state.addCookie(new Cookie(cookieDomain, ZimbraCookie.authTokenCookieName(isAdminReq), origAuthData, "/", null, false));
/*     */     
/* 553 */     client.getParams().setCookiePolicy("compatibility");
/*     */   }
/*     */   
/*     */   public void encode(HttpState state, boolean isAdminReq, String cookieDomain) throws ServiceException
/*     */   {
/* 558 */     String origAuthData = getOrigAuthData();
/* 559 */     state.addCookie(new Cookie(cookieDomain, ZimbraCookie.authTokenCookieName(isAdminReq), origAuthData, "/", null, false));
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   public void encode(HttpServletResponse resp, boolean isAdminReq, boolean secureCookie, boolean rememberMe)
/*     */     throws ServiceException
/*     */   {
/* 567 */     String origAuthData = getOrigAuthData();
/*     */     Integer maxAge;
/*     */     Integer maxAge;
/* 570 */     if (rememberMe) {
/* 571 */       long timeLeft = this.expires - System.currentTimeMillis();
/* 572 */       maxAge = Integer.valueOf((int)(timeLeft / 1000L));
/*     */     } else {
/* 574 */       maxAge = Integer.valueOf(-1);
/*     */     }
/*     */     
/* 577 */     ZimbraCookie.addHttpOnlyCookie(resp, ZimbraCookie.authTokenCookieName(isAdminReq), origAuthData, ZimbraCookie.PATH_ROOT, maxAge, secureCookie);
/*     */   }
/*     */   
/*     */ 
/*     */   public void encodeAuthResp(Element parent, boolean isAdmin)
/*     */     throws ServiceException
/*     */   {
/* 584 */     if (isAdmin) {
/* 585 */       parent.addElement("authToken").setText(getOrigAuthData());
/*     */     } else {
/* 587 */       parent.addElement("authToken").setText(getOrigAuthData());
/*     */     }
/*     */   }
/*     */   
/*     */   public ZAuthToken toZAuthToken() throws ServiceException
/*     */   {
/* 593 */     return new ZAuthToken(getOrigAuthData(), this.proxyAuthToken);
/*     */   }
/*     */   
/*     */   public void setProxyAuthToken(String encoded)
/*     */   {
/* 598 */     this.proxyAuthToken = encoded;
/*     */   }
/*     */   
/*     */   public String getProxyAuthToken()
/*     */   {
/* 603 */     return this.proxyAuthToken;
/*     */   }
/*     */   
/*     */   public void resetProxyAuthToken()
/*     */   {
/* 608 */     this.proxyAuthToken = null;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */   public boolean isCsrfTokenEnabled()
/*     */   {
/* 616 */     return this.csrfTokenEnabled;
/*     */   }
/*     */   
/*     */   public void setCsrfTokenEnabled(boolean csrfEnabled)
/*     */   {
/* 621 */     if (csrfEnabled != this.csrfTokenEnabled) {
/* 622 */       synchronized (ZimbraAuthToken.class) {
/* 623 */         if (this.encoded != null) {
/* 624 */           CACHE.remove(this.encoded);
/*     */         }
/*     */       }
/* 627 */       this.csrfTokenEnabled = csrfEnabled;
/*     */       
/* 629 */       this.encoded = null;
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */   public void resetTokenId()
/*     */   {
/* 641 */     this.tokenID = Integer.valueOf(new Random().nextInt(2147483646) + 1);
/* 642 */     this.encoded = null;
/* 643 */     register();
/*     */   }
/*     */   
/*     */   static class ByteKey implements SecretKey
/*     */   {
/*     */     private static final long serialVersionUID = -7237091299729195624L;
/*     */     private final byte[] mKey;
/*     */     
/*     */     ByteKey(byte[] key) {
/* 652 */       this.mKey = ((byte[])key.clone());
/*     */     }
/*     */     
/*     */     public byte[] getEncoded()
/*     */     {
/* 657 */       return this.mKey;
/*     */     }
/*     */     
/*     */     public String getAlgorithm()
/*     */     {
/* 662 */       return "HmacSHA1";
/*     */     }
/*     */     
/*     */     public String getFormat()
/*     */     {
/* 667 */       return "RAW";
/*     */     }
/*     */   }
/*     */   
/*     */   public ZimbraAuthToken clone()
/*     */     throws CloneNotSupportedException
/*     */   {
/* 674 */     return (ZimbraAuthToken)super.clone();
/*     */   }
/*     */   
/*     */   public static void main(String[] args) throws ServiceException, AuthTokenException {
/* 678 */     Account a = Provisioning.getInstance().get(Key.AccountBy.name, "user1@example.zimbra.com");
/* 679 */     ZimbraAuthToken at = new ZimbraAuthToken(a);
/* 680 */     long start = System.currentTimeMillis();
/* 681 */     String encoded = at.getEncoded();
/* 682 */     for (int i = 0; i < 1000; i++) {
/* 683 */       new ZimbraAuthToken(encoded);
/*     */     }
/* 685 */     long finish = System.currentTimeMillis();
/* 686 */     System.out.println(finish - start);
/*     */     
/* 688 */     start = System.currentTimeMillis();
/* 689 */     for (int i = 0; i < 1000; i++) {
/* 690 */       getAuthToken(encoded);
/*     */     }
/* 692 */     finish = System.currentTimeMillis();
/* 693 */     System.out.println(finish - start);
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/account/ZimbraAuthToken.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */